Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Fixed In:
17.5.0
Opened: Jun 13, 2023 Severity: 3-Major
When a string field in the JSON schema has minLength/maxLength constraints, they are incorrectly interpreted as constraints on the number of bytes instead of the number of characters.
Requests incorrectly blocked, due to interpreting the constraints as byte length rather than character length.
JSON profile with a schema that includes a string field with minLength and maxLength constraints.
NoneString fields in JSON schema now correctly interpret minLength/maxLength constraints based on character length rather than byte length
String fields in JSON schema now correctly interpret minLength/maxLength constraints based on character length rather than byte length